At a Glance:
Probo is an open-source, self-hostable governance, risk, and compliance (GRC) platform providing AI-native access through 270+ MCP tools, a GraphQL API, a CLI, and a web console for engineering and security teams to manage the full GRC lifecycle.
Overview:
Probo is an open-source GRC platform built for engineering and security teams that need to manage risk, controls, audits, and compliance as code. It covers the full GRC lifecycle, including risk management, control frameworks, vendor risk, data privacy assessments, access reviews, and audit programs. The platform is designed for automation, exposing every entity through a web console, a dedicated CLI with over 44 command groups, a GraphQL API, and a Model Context Protocol (MCP) API with more than 270 tools. This architecture allows teams to integrate compliance tasks into scripts, CI/CD pipelines, no-code n8n workflows, or any MCP-compatible LLM agent. Probo is ISC licensed and can be run on your own infrastructure using Docker.
Key Decision Points:
AI-native architecture for GRC engineers: Exposes 270+ MCP tools, allowing any MCP-compatible LLM agent to directly interact with compliance data for tasks like drafting policies or running risk assessments.
Multiple interfaces for automation: Offers a web console, a GraphQL API, and a prb CLI for scripting and CI/CD integration, in addition to an n8n community node for no-code workflows.
Self-hosted deployment model: The platform is provided under an ISC license and can be run on your own infrastructure with Docker, using a PostgreSQL backend.
Full GRC lifecycle coverage: Manages risk, controls, vendor risk, data privacy (DPIA/TIA), access reviews, and audit programs within a single platform.
Core Features:
Risk register: Tracks risks with inherent and residual scoring and supports treatment strategies such as mitigate, accept, avoid, and transfer.
Control and framework management: Includes a control library with maturity levels, custom framework import/export, and Statement of Applicability (SoA) generation.
MCP API integration: Provides 270+ MCP tools that expose the platform's operations to LLM agents for reading, writing, and automating GRC data tasks.
Access review campaigns: Manages per-entry access decisions through campaigns integrated with SaaS, cloud infrastructure, and source code sources.
Document approvals and signatures: Supports versioned documents, approval quorums, electronic signatures, and PDF exports through document management workflows.
Audit program tools: Covers audit scoping, control mapping, finding tracking, and evidence collection from files and URLs.
Use Cases:
Security engineers can automate evidence collection and risk assessment tasks using the prb CLI or GraphQL API.
Developers can build custom compliance workflows by connecting an MCP-compatible LLM agent directly to Probo's 270+ MCP tools.
Teams requiring self-hosted GRC can run the full platform on their own Docker infrastructure to manage vendor risk, DPIAs, and access reviews.
Compliance officers can use the web console to manage audit programs, document sign-offs, and publish a public compliance portal with NDA management.
Open-Source Alternative Value:
As an ISC-licensed, self-hostable GRC platform, Probo offers an alternative for engineering teams that prefer to run compliance tooling on their own infrastructure. Its AI-native design, which exposes all operations through a documented MCP API, allows for programmatic interaction that is not limited to a proprietary UI. The availability of a GraphQL API, a fully-featured CLI, and an n8n integration node provides multiple paths for embedding compliance checks into existing development and automation workflows, rather than operating in a separate, closed system.




